Is there some euro law that might block their use of customer data as part of their DRM encryption?

There is a data protection directive (the UK law is the Data Protection Act: DPA). I don't think it would outlaw using credit card details as part of the DRM. Google "information commissioner" for more info on the DPA.